INFSA-2025:7429: redis:7 security update
Information about definition
Identificator: INFSA-2025:7429
Type: security
Release date: 2025-07-10 21:47:10 UTC
Information about package
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Vulnerabilities description
- CVE-2025-21605
A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted, and the memory is unavailable. When password authentication is enabled on the Redis server but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-21605
|
no information | 7.5 | no information |
Updated packages